Zoek.exe v5.0.0.0 Updated 21-February-2015 Tool run by jonas on za 21/02/2015 at 8:49:44,03. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KF2CZIRZ\zoek (1).exe [Scan all users] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-02-21-021902.log 33778 bytes ==== Running Processes ====================== C:\windows\system32\csrss.exe C:\windows\system32\wininit.exe C:\windows\system32\csrss.exe C:\windows\system32\services.exe C:\windows\system32\winlogon.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files\Samsung\Samsung 
Support Center\SSCKbdHk.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\notepad.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\svchost.exe -k SDRSVC "c:\windows\system32\\svchost.exe" C:\windows\servicing\TrustedInstaller.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\wbem\wmiprvse.exe C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KF2CZIRZ\zoek (1).exe C:\windows\system32\conhost.exe ==== Windows Installer Info ======================
==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. 
Het volumenummer is 0ECE-08D7 Map van C:\ 14/07/2009 05:53 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 05:53 Application Data [C:\ProgramData] 14/07/2009 05:53 Desktop [C:\Users\Public\Desktop] 14/07/2009 05:53 Documents [C:\Users\Public\Documents] 14/07/2009 05:53 Favorites [C:\Users\Public\Favorites] 14/07/2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users 14/07/2009 05:53 All Users [C:\ProgramData] 14/07/2009 05:53 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 05:53 Application Data [C:\ProgramData] 14/07/2009 05:53 Desktop [C:\Users\Public\Desktop] 14/07/2009 05:53 Documents [C:\Users\Public\Documents] 14/07/2009 05:53 Favorites [C:\Users\Public\Favorites] 14/07/2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default 14/07/2009 05:53 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 05:53 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14/07/2009 05:53 Local Settings [C:\Users\Default\AppData\Local] 14/07/2009 05:53 My Documents [C:\Users\Default\Documents] 14/07/2009 05:53 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14/07/2009 05:53 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 05:53 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 05:53 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14/07/2009 05:53 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14/07/2009 05:53 Application Data 
[C:\Users\Default\AppData\Local] 14/07/2009 05:53 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 05:53 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 14/07/2009 05:53 My Music [C:\Users\Default\Music] 14/07/2009 05:53 My Pictures [C:\Users\Default\Pictures] 14/07/2009 05:53 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\jonas 30/11/2010 12:58 Application Data [C:\Users\jonas\AppData\Roaming] 30/11/2010 12:58 Cookies [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Cookies] 30/11/2010 12:58 Local Settings [C:\Users\jonas\AppData\Local] 30/11/2010 12:58 Menu Start [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu] 30/11/2010 12:58 Mijn documenten [C:\Users\jonas\Documents] 30/11/2010 12:58 NetHood [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 30/11/2010 12:58 Netwerkprinteromgeving [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 30/11/2010 12:58 Recent [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Recent] 30/11/2010 12:58 SendTo [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\SendTo] 30/11/2010 12:58 Sjablonen [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\jonas\AppData\Local 30/11/2010 12:58 Application Data [C:\Users\jonas\AppData\Local] 30/11/2010 12:58 Geschiedenis [C:\Users\jonas\AppData\Local\Microsoft\Windows\History] 30/11/2010 12:58 Temporary Internet Files [C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\jonas\AppData\LocalLow 19/03/2013 21:10 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu 30/11/2010 12:58 Programma's [C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van 
C:\Users\Public\Documents 14/07/2009 05:53 My Music [C:\Users\Public\Music] 14/07/2009 05:53 My Pictures [C:\Users\Public\Pictures] 14/07/2009 05:53 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Windows\AppPatch 30/09/2014 16:10 spbin [C:\PROGRA~1\SearchProtect\SearchProtect\bin] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 50 map(pen) 40.182.235.136 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ABBYY FineReader 6.0 Sprint Adobe Flash Player 16 PPAPI Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager AnyPC Client Atheros Client Installation Program AVG PC TuneUp 2014 (nl-NL) BatteryLifeExtender Belgium e-ID middleware 4.0.7 (build 7466) CCleaner Compatibiliteitspakket voor het 2007 Microsoft Office system CyberLink DVD Suite CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDirector CyberLink PowerProducer D3DX10 Easy Display Manager Easy Network Manager Emsisoft Anti-Malware Epson Easy Photo Print 2 EPSON Scan EPSON Stylus SX100_TX100 Handboek EPSON SX100 Series Printer Uninstall Google Drive Google Earth Google Talk Plugin Google Update Helper HiJackThis Intel© Matrix Storage Manager Junk Mail filter update LibreOffice 4.2.8.2 Marvell Miniport Driver Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Fix it Center Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.3 Microsoft Office PowerPoint Viewer 2007 (Dutch) Microsoft Office Suite Activation Assistant Microsoft OneDrive Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update 
kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Movie Maker MSVCRT MSVCRT110 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nokia Connectivity Cable Driver Norton Identity Safe Norton Management OGA Notifier 2.0.0048.0 Photo Common Photo Gallery Realtek High Definition Audio Driver Revo Uninstaller 1.95 Samsung Recovery Solution 4 Samsung Support Center Samsung Update Plus Skype Click to Call SkypeT 7.0 Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) swMSM User Guide Visual Studio 2012 x86 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601) Memory (RAM): 2009 MB CPU Info: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz CPU Speed: 591.7 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR9285 Wireless Network Adapter | Marvell Yukon 88E8040 
Family PCI-E Fast Ethernet Controller CD / DVD Drives: 1x (E: | ) E: TEAC DV-W28S-V Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 67.0GB | D: 67.0GB Hard Disks - Free: C: 37.4GB | D: 23.0GB Manufacturer *: Phoenix Technologies Ltd. BIOS Info: AT/AT COMPATIBLE | 03/25/10 | SECCSD - 6040000 Time Zone: West-Europa (standaardtijd) Motherboard *: SAMSUNG ELECTRONICS CO., LTD. R530/R730 Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17633 Adobe Reader version: 11.0.10.32 
==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\jonas\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\windows\system32 ===== ====== C:\windows\system32\drivers ===== ====== C:\windows\Tasks ====== ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2015-02-19 16:20:50 -------- d-----w- C:\Program Files\BeID Minidriver 2015-02-19 16:20:49 -------- d-----w- C:\Program Files\Belgium Identity Card ======= C: ===== ====== C:\Users\jonas\AppData\Roaming ====== 2015-02-21 02:12:57 -------- d-----w- C:\windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-02-21 02:12:57 -------- d-----w- C:\Users\jonas\AppData\Local\Temp 2015-02-21 02:12:57 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-02-21 02:12:57 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-02-10 14:48:32 -------- d-----w- C:\Users\jonas\AppData\Local\Apple 2015-01-26 08:14:27 -------- d-----w- C:\Users\jonas\AppData\Local\Adobe ====== C:\Users\jonas ====== 2015-02-19 16:21:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID 2015-02-10 14:48:27 -------- d-----w- C:\ProgramData\Apple 2015-01-27 08:05:09 5450D20FF9C7A30463EBCF6DAEA829F9 19968 --sha-w- C:\Users\jonas\Thumbs.db ====== C: exe-files == === C: other files == 
======== System Restore Points ======== RP1209: 16/02/2015 8:01:21 - Windows Update RP1210: 17/02/2015 10:09:21 - Installed Skype Web Plugin RP1211: 17/02/2015 14:44:52 - Removed Java 8 Update 31 RP1212: 19/02/2015 8:18:40 - Windows Update RP1214: 19/02/2015 16:24:02 - Revo Uninstaller's restore point - Belgium e-ID middleware 4.0.7 (build 7453) RP1216: 19/02/2015 16:27:35 - Revo Uninstaller's restore point - Belgium e-ID middleware 4.0.7 (build 7453) RP1217: 19/02/2015 16:35:21 
- Installed Belgium e-ID middleware 4.0.7 (build 7453) RP1218: 19/02/2015 16:47:00 - Installatie van apparaatstuurprogramma: Fedict Smartcards RP1221: 19/02/2015 17:11:59 - Revo Uninstaller's restore point - Belgium e-ID middleware 4.0.7 (build 7453) RP1222: 19/02/2015 17:20:59 - Installatie van apparaatstuurprogramma: Fedict Smartcards RP1225: 19/02/2015 18:35:58 - Revo Uninstaller's restore point - Java 8 Update 31 RP1226: 20/02/2015 9:13:57 - Herstelbewerking RP1228: 20/02/2015 9:36:58 - Revo Uninstaller's restore point - Java 8 Update 31 RP1229: 20/02/2015 9:37:53 - Removed Java 8 Update 31 RP1231: 20/02/2015 9:42:13 - Revo Uninstaller's restore point - Java 8 Update 31 RP1232: 21/02/2015 2:50:10 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "EPSON SX100 Series"="C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU C:\windows\TEMP\E_SF4D9.tmp /EF HKCU" "Google Update"="C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "IgfxTray"="C:\windows\system32\igfxtray.exe" "HotKeysCmds"="C:\windows\system32\hkcmd.exe" "Persistence"="C:\windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "EPSON SX100 Series"="C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU C:\windows\TEMP\E_SF4D9.tmp /EF HKCU" "Google Update"="C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APLangApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APLangApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\AnyPC Client\\APLangApp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CLMLServer" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\Power2Go\\CLMLSvc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\emsisoft anti-malware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="emsisoft anti-malware" "hkey"="HKLM" "command"="\"C:\\Program Files\\Emsisoft Anti-Malware\\a2guard.exe\" /d=60" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX100 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX100 Series" "hkey"="HKCU" "command"="C:\\windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEDE.EXE /FU \"C:\\windows\\TEMP\\E_S3ADD.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" 
"command"="\"C:\\Users\\jonas\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SkyDrive" "hkey"="HKCU" "command"="\"C:\\Users\\jonas\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateLBPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateP2GoShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePDRShortCut] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePDRShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\PowerDirector\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerDirector\\7.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePPShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerProducer\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\PowerProducer\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerProducer\\5.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePSTShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\DVD Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "item"="OneNote 2007 Schermopname en Snel starten" "backup"="C:\\windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\jonas\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Task Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player 
Updater.job --a------ C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 16:46] C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16/10/2014 08:23] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16/10/2014 08:23] C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001Core.job --a------ C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe [19/02/2013 06:55] C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001UA.job --a------ C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe [19/02/2013 06:55] ==== Other Scheduled Tasks ====================== "C:\windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\system32\tasks\Adobe Flash Player Updater" [C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\system32\tasks\advSRS4" ["C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe"] "C:\windows\system32\tasks\APSchedulerC" [C:\Program Files\AnyPC Client\APLanMgrC.exe] "C:\windows\system32\tasks\BatteryLifeExtender" [C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe] "C:\windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\windows\system32\tasks\Driver Booster SkipUAC (jonas)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe] "C:\windows\system32\tasks\EasyDisplayMgr" ["C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe"] "C:\windows\system32\tasks\Google Updater and Installer" [C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe] 
"C:\windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001Core" [C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001UA" [C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\windows\system32\tasks\SamsungSupportCenter" [%programfiles%\Samsung\Samsung Support Center\SSCKbdHk.exe] "C:\windows\system32\tasks\Soluto-Diagnostics" [C:\ProgramData\Soluto\Diag\SolutoDiag.exe] "C:\windows\system32\tasks\SUPBackground" ["%ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe"] "C:\windows\system32\tasks\User_Feed_Synchronization-{DB0944BC-C24F-44BC-A2A4-C757F52DEE53}" [C:\windows\system32\msfeedssync.exe] "C:\windows\system32\tasks\{08F03B23-BD80-4C67-9B43-41ADD3E4CA0C}" [C:\Program Files\Samsung Casual Games\Farm Frenzy 2\Launch.exe] "C:\windows\system32\tasks\{09160203-C21F-4840-B238-B63902F77B03}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.73.106.456/nl/abandoninstall?page=tsPlugin] "C:\windows\system32\tasks\{D542E14B-73CD-417F-B5CA-CE25AF57EEB4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.1.73.129.456/nl/abandoninstall?page=tsMain] "C:\windows\system32\tasks\{E04A7F9B-D172-403A-A240-424A57AD13D3}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116/nl/abandoninstall?source=lightinstaller&page=tsOptions&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault] "C:\windows\system32\tasks\{F3280E2D-B54D-4765-9E9B-BDABE82E03FA}" [C:\Program Files\Belgium Identity 
Card\EidViewer\eID Viewer.exe] "C:\windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe] "C:\windows\system32\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe] "C:\windows\system32\tasks\Norton Management\Norton Error Analyzer" [C:\Program Files\Norton Management\Engine\3.2.2.12\SymErr.exe] "C:\windows\system32\tasks\Norton Management\Norton Error Processor" [C:\Program Files\Norton Management\Engine\3.2.2.12\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\r2ananfj.default user_pref("browser.search.defaultenginename", "Yahoo!"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn" [21/02/2015 03:15] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\r2ananfj.default BBF0479C2D30519A2E746D12CAE54B43 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U71 1ED046D972B98E0ADEC4D4D61BF37695 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.710.14 6C3E34E303DBDCB9F7EC1F7A7F6B1629 - C:\Users\jonas\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 2D684F0DDF782C73847BED9503250991 - C:\Users\jonas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 
11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox 8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] nfengeggddojhakldhlpjdlddgkkjkdd - No path found[] nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx[20/09/2014 09:52] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\jonas\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully C:\Users\jonas\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Default\Desktop\CyberLink DVD Suite.lnk - 
C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe C:\Users\Default User\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe C:\Users\jonas\Desktop\Eusing Free Registry Cleaner.lnk - C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk - C:\Program Files\Emsisoft Anti-Malware\a2start.exe C:\Users\Public\Desktop\Epson Easy Photo Print.lnk - C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe C:\Users\Public\Desktop\EPSON Stylus SX100_TX100 Handboek.lnk - C:\Program Files\epson\TPMANUAL\ESSX100_TX100\NLD\USE_G\INDEX.HTM C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\LibreOffice 4.2.lnk - C:\Program Files\LibreOffice 4\program\soffice.exe C:\Users\Public\Desktop\Skype.lnk - C:\windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - 
C:\Program Files\Belgium Identity Card\beidoffice2010_XAdES_XL.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files\Belgium Identity Card\beidoutlooksnc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Base.lnk - C:\Program Files\LibreOffice 4\program\sbase.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Calc.lnk - C:\Program Files\LibreOffice 4\program\scalc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Draw.lnk - C:\Program Files\LibreOffice 4\program\sdraw.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Impress.lnk - C:\Program Files\LibreOffice 4\program\simpress.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Math.lnk - C:\Program Files\LibreOffice 4\program\smath.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Writer.lnk - C:\Program Files\LibreOffice 4\program\swriter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice.lnk - C:\Program Files\LibreOffice 4\program\soffice.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk - C:\Program Files\Emsisoft Anti-Malware\a2start.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\windows\system32\rundll32.exe C:\windows\system32\shell32.dll,Options_RunDLL 1 C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\windows\system32\calc.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Disk Cleanup.lnk - C:\windows\system32\cleanmgr.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\User Pinned\StartMenu\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sidebar.lnk - C:\Program Files\Windows Sidebar\sidebar.exe /showgadgets C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Explorer.lnk - C:\windows\explorer.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\windows\system32\calc.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft® Works Database.lnk - C:\Users\jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe ==== Uninstall List x86 ====================== ABBYY FineReader 6.0 Sprint [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}] Adobe Flash Player 16 PPAPI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}] AnyPC Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}] Atheros Client Installation Program [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1434266-0486-4469-B338-A60082CC04E1}] AVG PC TuneUp 2014 (nl-NL) 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{555E1FDF-9BF4-4943-BF75-C7DE98F7CF8A}] BatteryLifeExtender [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}] Belgium e-ID middleware 4.0.7 (build 7466) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F207466}] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] CyberLink DVD Suite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] CyberLink DVD Suite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] CyberLink LabelPrint [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] CyberLink LabelPrint [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}] CyberLink Power2Go [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}] CyberLink Power2Go [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}] CyberLink PowerDirector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] CyberLink PowerDirector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] CyberLink PowerProducer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}] CyberLink PowerProducer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}] D3DX10 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] Easy Display Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{17283B95-21A8-4996-97DA-547A48DB266F}] Easy Network Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A5675A9E-F073-414A-9A04-F9BCD50459D7}] Emsisoft Anti-Malware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1] Epson Easy Photo Print 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DEDB47A3-C988-4A43-A645-E2CEA571E680}] EPSON Scan [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Scanner] EPSON Stylus SX100_TX100 Handboek [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Stylus SX100_TX100 Gebruikershandleiding] EPSON SX100 Series Printer Uninstall [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPSON SX100 Series] Google Drive [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}] Google Earth [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}] Google Talk Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C77CC230-7417-3F01-B70D-52583DC9FEC9}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] HiJackThis [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}] Intel© Matrix Storage Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}] Junk Mail filter update 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}] LibreOffice 4.2.8.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}] Marvell Miniport Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Marvell Miniport Driver] Microsoft .NET Framework 4.5.2 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.2 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F9062696-5B87-39CC-90CE-DA256689262D}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3911CF56-9EF2-39BA-846A-C27BD3CD0685}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Antimalware Service NL-NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7C4C5B40-43E1-4890-AD50-E1E8F8446D5F}] Microsoft Fix it Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}] Microsoft Office Live Add-in 1.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}] Microsoft Office Suite Activation Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}] Microsoft OneDrive [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe] Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D6F9CBDC-58B6-430A-8DD4-8F61CBC1ADF4}] Microsoft Security Client NL-NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{859B9BCA-5376-4566-9F88-C6C9DAA7A925}] Microsoft Security 
Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Works [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD67BE4B-7E62-4215-AFA3-F123A800A389}] MSVCRT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT110 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] Nokia Connectivity Cable Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}] Norton Identity Safe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NST] Norton Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MCLIENT] OGA Notifier 2.0.0048.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}] Photo Common [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C3538BF4-735B-45F3-B09E-C541A007E4E8}] Photo Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{07AAB66E-4718-422D-9218-4AFB3C922A71}] Photo Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4DEB840-B638-4BCE-AC6B-057EF31E0012}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] Revo Uninstaller 1.95 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller] Samsung Recovery Solution 4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}] Samsung Support Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}] Samsung Update Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}] Skype Click to Call 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}] SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\C5357B4AD7C02B3F6EF45765A07E5B725E50BBF7] swMSM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] User Guide [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}] Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1B905A9B-EB74-4C70-B81B-5F446C178566}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{091C65CB-AEE5-4405-9165-800D7F880C10}] Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8256F87F-8554-4457-8C3D-3F3324697D9F}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{659CB81C-B54E-4DF1-B618-F35777393A54}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5D48C037-D412-4F68-B197-05E03CD46F40}] Windows Live Mail 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5B71ABE2-65A3-4507-A227-3FF413FDA9C4}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E703613B-BDAB-433E-A66A-DE0263E3D35D}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{286DDBD0-6355-428F-8BD5-822CF08606EC}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1893000-EA77-493C-8DDD-E262436E959B}] Windows Live Sync [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD19EDD9-1632-4002-9212-7478E4BA0423}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{290C2B0A-CEE1-4F55-AB46-4571EC01DA96}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{71244632-4B7C-4AC2-B0D4-F95AC88EDAD3}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{714E162E-CD4F-4F1B-8302-7F5179409C25}] Windows Live Writer Resources 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C036912B-E841-46F0-9F21-391005D39C9F}] ==== HijackThis Entries ====================== O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [EPSON SX100 Series] C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\windows\TEMP\E_SF4D9.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: (no 
name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - 
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] EPSON SX100 Series = C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\windows\TEMP\E_SF4D9.tmp" /EF "HKCU" [SEIKO EPSON CORPORATION] Google Update = "C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [Realtek Semiconductor] IgfxTray = C:\windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\windows\system32\hkcmd.exe [Intel Corporation] Persistence = C:\windows\system32\igfxpers.exe [Intel Corporation] MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] gmsd_be_65 = (empty string) [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {9421DD08-935F-4701-A9CA-22DF90AC4EA6}\(Default) = (no title provided) -> {HKLM...CLSID} = Easy Photo Print \InProcServer32\(Default) = C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [SEIKO EPSON CORPORATION / CyCom Technology Corp.] {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll [Symantec Corporation] {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\(Default) = (no title provided) -> {HKLM...CLSID} = Advanced SystemCare Browser Protection \InProcServer32\(Default) = C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [IObit] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\jonas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\jonas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\jonas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll 
[MS] GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google] GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google] GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google] GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google] GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google] GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll 
[MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {AB77609F-2178-4E6F-9C4B-44AC179D937A} = a-squared Anti-Malware Shell Extension -> {HKLM...CLSID} = a-squared Anti-Malware Shell Extension \InProcServer32\(Default) = C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [Emsisoft GmbH] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = LibreOffice Infotip Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll [The Document Foundation] {3B092F0C-7696-40E3-A80F-68D74DA84210} = LibreOffice Thumbnail Viewer -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll [The Document Foundation] {63542C48-9552-494A-84F7-73AA6A7C99C1} = LibreOffice Property Sheet Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll [The Document Foundation] {AE424E85-F6DF-4910-A6A9-438797986431} = LibreOffice Property Handler -> {HKLM...CLSID} = LibreOffice Property Handler \InProcServer32\(Default) = C:\Program 
Files\LibreOffice 4\program\shlxthdl\propertyhdl.dll [The Document Foundation] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = LibreOffice Column Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll [The Document Foundation] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754} -> {HKLM...CLSID} = Microsoft Infotech Storage Protocol for IE 4.0 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS] <> skypec2c\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype Click to Call IE Pluggable Protocol \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] <> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM...CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] <> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\jonas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files\Google\Drive\contextmenu32.dll [Google] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ 
SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\jonas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files\Google\Drive\contextmenu32.dll [Google] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\jonas\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\windows\system32\igfxpph.dll [Intel Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = LibreOffice Column Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll [The Document Foundation] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoLowDiskSpaceChecks = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] 
MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM...CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\CyberLink\PowerDirector\PDR.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] 
PStarterBlankCDArrival\ Provider = DVD Suite InvokeProgID = BlankCD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L" [CyberLink] PStarterDVDBurningOnArrival\ Provider = DVD Suite InvokeProgID = BlankDVD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L" [CyberLink] PStarterMixedCDArrival\ Provider = DVD Suite InvokeProgID = MixedContent InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L" [CyberLink] PStarterMusicFilesArrival\ Provider = DVD Suite InvokeProgID = MusicFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L" [CyberLink] PStarterPicturesArrival\ Provider = DVD Suite InvokeProgID = Picture InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L" [CyberLink] PStarterVideoFilesArrival\ Provider = DVD Suite InvokeProgID = VideoFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe" "%L" [CyberLink] WIA_{8936C4D5-CB3B-4710-9DDD-1275E8AA524B}\ Provider = ABBYY FineReader 6.0 Sprint CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\jonas\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CNorton.Gadget" 
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] Adobe Flash Player Updater -> launches: C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] Adobe-online actualiseringsprogramma -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] BatteryLifeExtender -> (HIDDEN!) launches: C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2 [Samsung Electronics. Co. Ltd.] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] Driver Booster SkipUAC (jonas) -> launches: C:\Program Files\IObit\Driver Booster\DriverBooster.exe /skipuac [file not found] EasyDisplayMgr -> (HIDDEN!) launches: "C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe" [Samsung Electronics Co., Ltd.] Google Updater and Installer -> launches: C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001Core -> launches: C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.] 
GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001UA -> launches: C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Java Update Scheduler -> launches: C:\Program Files\Common Files\Java\Java Update\jusched.exe [file not found] SamsungSupportCenter -> (HIDDEN!) launches: %programfiles%\Samsung\Samsung Support Center\SSCKbdHk.exe [SAMSUNG Electronics] Soluto-Diagnostics -> (HIDDEN!) launches: C:\ProgramData\Soluto\Diag\SolutoDiag.exe anonId:7bdf85b1-4d4f-441c-a5f2-918ca4c637d5 uri:prodenv6.mysoluto.com [file not found] SUPBackground -> (HIDDEN!) launches: "%ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe" [null data] User_Feed_Synchronization-{DB0944BC-C24F-44BC-A2A4-C757F52DEE53} -> (HIDDEN!) launches: C:\windows\system32\msfeedssync.exe sync [MS] {0120B3E8-9A99-4675-8DB9-C69DA4B4698F} -> launches: C:\windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}\setup.exe" -c -runfromtemp -l0x0009 -removeonly [MS] {09160203-C21F-4840-B238-B63902F77B03} -> launches: "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.73.106.456/nl/abandoninstall?page=tsPlugin [MS] {0B9E9B14-6849-4364-8384-8288BE4EC9A0} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZDRADI7\epson324609eu.exe" -d D:\Gebruikersdata\Bureaublad [MS] {0ED77501-B7B6-4C44-91CC-8360A4E8C7C2} -> launches: C:\windows\system32\pcalua.exe -a D:\Gebruikersdata\Downloads\JavaSetup8u25.com -d D:\Gebruikersdata\Downloads [MS] {163D528E-034C-4A3F-AE95-CC86A4752AEE} -> launches: C:\windows\system32\pcalua.exe -a "C:\Program Files\EPSON\TPMANUAL\ESSX100_TX100\NLD\USE_G\DOCUNINS.EXE" [MS] {166716FE-6B3E-4D9E-86A6-391716AFAE3E} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\XYVD7H02\wlsetup-web.exe" -d D:\Gebruikersdata\Bureaublad [MS] {204728F2-4918-4212-9CCD-C640C5E8BC6F} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY87W3NP\solutoinstaller.exe" -d D:\Gebruikersdata\Bureaublad [MS] {A94672A0-BCC7-49BA-AA33-7CEF5C2BBFB3} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24FTMKO2\SpyHunter-Installer (1).exe" -d D:\Gebruikersdata\Bureaublad [MS] {B7D0C3CB-0C28-417F-B08A-4DD600E3C0FE} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK1UAFWI\JavaSetup8u31.com" -d D:\Gebruikersdata\Bureaublad [MS] {CE7ABC7E-B51E-40D1-BD3E-FAF189A888F1} -> launches: C:\windows\system32\pcalua.exe -a C:\Users\jonas\AppData\Local\Temp\Temp1_zoek.zip\zoek.com [MS] {D34597CF-E127-4FD5-8349-9CB89231B200} -> launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OYMLO9I\startuplite-setup-1.07.exe" -d D:\Gebruikersdata\Bureaublad [MS] {D542E14B-73CD-417F-B5CA-CE25AF57EEB4} -> launches: "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.1.73.129.456/nl/abandoninstall?page=tsMain [MS] {E04A7F9B-D172-403A-A240-424A57AD13D3} -> launches: "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116/nl/abandoninstall?source=lightinstaller&page=tsOptions&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault [MS] {E43D1FA6-B1BF-49C6-B27F-4EB93B005C3E} -> launches: C:\windows\system32\pcalua.exe -a C:\Windows\twain_32\escndv\escndv.exe -d D:\Gebruikersdata\Bureaublad [MS] {F3280E2D-B54D-4765-9E9B-BDABE82E03FA} -> launches: C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe [FedICT] {FCDC6763-6955-48BF-8B73-6721AEA4AB00} -> 
launches: C:\windows\system32\pcalua.exe -a "C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACDYMGZF\JavaSetup8u25.com" -d D:\Gebruikersdata\Bureaublad [MS] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) 
launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] 
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) 
launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) 
launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) 
launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS] Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Norton Identity Safe Norton Error Analyzer -> launches: C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe /analyze [Symantec Corporation] Norton Error Processor -> launches: C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe /submit [Symantec Corporation] C:\Windows\System32\Tasks\Norton Management Norton Error Analyzer -> launches: C:\Program Files\Norton Management\Engine\3.2.2.12\SymErr.exe /analyze [Symantec Corporation] Norton Error Processor -> launches: C:\Program Files\Norton Management\Engine\3.2.2.12\SymErr.exe /submit 
[Symantec Corporation] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-3328793180-4141964508-2228772626-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 24 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {A13C2648-91D4-4BF3-BC6D-0079707C4389} -> {HKLM...CLSID} = Norton Identity Safe Toolbar \InProcServer32\(Default) = C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll [Symantec Corporation] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {9421DD08-935F-4701-A9CA-22DF90AC4EA6} = EPTBL -> {HKLM...CLSID} = Easy Photo Print \InProcServer32\(Default) = C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [SEIKO EPSON CORPORATION / CyCom Technology Corp.] 
{A13C2648-91D4-4BF3-BC6D-0079707C4389} = Norton Identity Safe Toolbar -> {HKLM...CLSID} = Norton Identity Safe Toolbar \InProcServer32\(Default) = C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll [Symantec Corporation] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ MenuText = Sun Java Console CLSIDExtension = {CAFEEFAC-001071-0002-0071-ABCDEFFEDCBC} {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call settings CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...CLSID} = Skype Click to Call settings \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> Tabs = about:newtab [file not found] <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Emsisoft Anti-Malware 7.0 - Service, a2AntiMalware, "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [Emsisoft GmbH] EPSON V3 Service4(01), EPSON_PM_RPCV4_01, C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [SEIKO EPSON CORPORATION] EPSON V5 Service4(01), EPSON_EB_RPCV4_01, C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [SEIKO EPSON 
CORPORATION] Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] Norton Identity Safe, NCO, "C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe" /s "NCO" /m "C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\diMaster.dll" /prefetch:1 [Symantec Corporation] Norton Management, MCLIENT, "C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe" /s "MCLIENT" /m "C:\Program Files\Norton Management\Engine\3.2.2.12\diMaster.dll" /prefetch:1 [Symantec Corporation] Oberon Media Game Console service, OberonGameConsoleService, "C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe" [null data] Skype Click to Call PNR Service, c2cpnrsvc, "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [MS] Skype Click to Call Updater, c2cautoupdatesvc, "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [MS] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> CleanHlp, Driver <> CleanHlp.sys, Driver <> hitmanpro36, <> hitmanpro36.sys, <> MCODS, <> MsMpSvc, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> CleanHlp, Driver <> CleanHlp.sys, Driver <> hitmanpro36, <> hitmanpro36.sys, <> MCODS, <> MsMpSvc, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ EPSON SX100 Series 32MonitorBE\Driver = E_FLBEDE.DLL [SEIKO EPSON CORPORATION] <>: Suspicious data at a browser hijack point. 
==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYRSUZQA will be deleted at reboot
C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KF2CZIRZ will be deleted at reboot
C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0ZMZBYK will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\jonas\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=610 folders=77 133830914 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jonas\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\jonas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYRSUZQA" deleted
"C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KF2CZIRZ" not found
"C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0ZMZBYK" deleted
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on za 21/02/2015 at 9:21:27,14 ======================